[solved] Modsecurity

We are new to Litespeed, and have installed on a server with CPanel using the plugin. All gone well apart from Mod_security acting strangely.

We have commercial ASL rule set. I found I had to remove some of the rules based on errors when litespeed started. This I expected (file uploads etc).

However it still seemed a 406 could not be triggered with an obvious attack URL which I know would normally work. I therefore tried putting a rule in ahead of the ASL modsec rules. This time the 406 could be triggered. So I started removing ASL rules based on the order they loaded. I found the cure was emptying the whitelist.txt which was being loaded by